Added a Patch to fix a local privilege escalation in udev.
authorStefan Schantl <Stevee@ipfire.org>
Sun, 3 May 2009 09:06:53 +0000 (11:06 +0200)
committerStefan Schantl <Stevee@ipfire.org>
Sun, 3 May 2009 09:06:53 +0000 (11:06 +0200)
CVE-2009-1185: udev did not check the origin of the netlink
messages. A local attacker could fake device create events
and so gain root privileges.

More information on:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186

lfs/udev
src/patches/udev-CVE-2009-1186.patch [new file with mode: 0644]

index 4667ff4a68b70f3c370531ef33388b0387bf60ae..4d14fdee0eb47bd8372a84422f97570d46224f6c 100644 (file)
--- a/lfs/udev
+++ b/lfs/udev
@@ -81,6 +81,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/udev-096-netif_rename.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/udev-CVE-2009-1186.patch
 ifeq "$(LFS_PASS)" "install"
        cd $(DIR_APP) && make DESTDIR=/install/initrd sbindir=/sbin udevdir=/dev
        cd $(DIR_APP) && make DESTDIR=/install/initrd sbindir=/sbin udevdir=/dev install
diff --git a/src/patches/udev-CVE-2009-1186.patch b/src/patches/udev-CVE-2009-1186.patch
new file mode 100644 (file)
index 0000000..56332ca
--- /dev/null
@@ -0,0 +1,20 @@
+--- udev-141/udev/lib/libudev-util.c.CVE-2009-1186     2009-04-08 09:04:26.000000000 -0400
++++ udev-141/udev/lib/libudev-util.c   2009-04-15 13:25:10.000000000 -0400
+@@ -9,6 +9,7 @@
+  * version 2.1 of the License, or (at your option) any later version.
+  */
++#include <stdint.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <stddef.h>
+@@ -103,6 +104,9 @@ int util_log_priority(const char *priori
+ size_t util_path_encode(char *s, size_t len)
+ {
++        if (len == 0 || len > (SIZE_MAX - 1) / 4)
++               return 0;
++
+       char t[(len * 4)+1];
+       size_t i, j;